Authorization broken in Razor Pages

[davidfowl]

Describe the bug

The Authorize attribute no longer works in Razor Pages applications.

To Reproduce

1. Make a new Razor Pages project with individual auth
2. Add an [Authorize] attribute on the Index page
3. Running the application doesn't redirect to the login page.

Expected behavior

The page should redirect to the Login page.

Additional context

This is using build 3.0.0-preview-19073-0424

Seems like the authorize attribute isn't being exposed as authorize metadata.

cc @rynowak @pranavkm @JamesNK

[rynowak]

I think the right fix for this is that we need to introduce the concept of a dynamic endpoint. This would allow you to run code to replace the Endpoint in between the DFA phase and the EndpointSelectorPolicy phase.

This is also really useful for some of the other scenarios that have blocked users from using endpoint routing when they had a custom IRouter.

The Razor pages infrastructure would plug into this feature and use it to compile the page asynchronously, which would return the rich endpoint.

[rynowak]

I've written about this idea before here: #4221 and I think it would solve many of this class of problems.

[mkArtakMSFT]

@rynowak, do you think your suggested solution is something which can fit in preview3 timeframe?

[mkArtakMSFT]

Looking at the thread it seems that there's a lot of discussion there and things aren't completely clear yet

[rynowak]

do you think your suggested solution is something which can fit in preview3 timeframe

Yes absolutely.

[davidfowl]

I’m unclear on why a new feature is required but I’ll talk to @rynowak about it later

[rynowak]

Because we do routing without having compiled the pages. MVC later swaps in the compiled AD for the routable one.

[pranavkm]

@JamesNK assigning to you to fix the issue for preview3.